Friday, November 14, 2025

Trouble reading PDF file? Solution to reading malformed damaged PDF files

Sometimes PDF files can get scrambled and you are stuck not being able to open a PDF file. Most PDF software cannot open the test file below. Adobe Acrobat Reader issues the pop-up screen could not open because it's not a supported file type or the file has been damaged.

Solution:

Get XpdfReader PDF software which can open a malformed PDF files!

For more information about internal structure of PDFs

1. Basic Structure of PDF documents | Automate PDF (automatizarpdf.com)

2. In-depth exploration of PDF document structure - losLab Software Development

Test 1:

In the following sample file, the file starts with malformed PDF file signature

%P!F- which is incorrect and should be %PDF-, as seen in FRHED editor.

XpdfReader is the only app I came across that could open this file with this first malformed change.

Test 2:

Then I remove leading angle bracket < where there should be two for <<Lineralired, and it opened!

Source

The original unadulterated file header is

%PDF-1.5%<bh:e2><bh:e3><bh:cf><bh:d3>10 0 obj\<</Linearized 1/L 105981/O 12/E 101484/N 1/T 105677/H [ 502 173]>>endobj

Opened Malformed File

For more information about internal structure of PDFs

1. Basic Structure of PDF documents | Automate PDF (automatizarpdf.com)

2. In-depth exploration of PDF document structure - losLab Software Development

Example of absolute minimal PDF file contents "Hello World", copy and pasted into FHRED.

%PDF-1.1
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>
endobj
4 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
72 100 Td
(Hello World) Tj
ET
endstream
endobj
5 0 obj
<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
endobj
xref
0 6
0000000000 65535 f 
0000000009 00000 n 
0000000056 00000 n 
0000000107 00000 n 
0000000212 00000 n 
0000000310 00000 n 
trailer
<< /Size 6 /Root 1 0 R >>
startxref
380
%%EOF

Here's Hello World.pdf opened in XpdfReader 4.06

Thursday, November 13, 2025

Sysinternals Process Explorer 16.43 is last working final version for Windows 7

Process Explorer v17.07

By Mark Russinovich

Published: November 11, 2025

no longer works on Windows 7. Windows 7 support is finally dead buy why?

Windows OS has over 1.5 billion active users globally as of 2025, and @2.5% thus 37.5 million are still active Windows 7 users!

Last know version to work on Windows 7 is Process Explorer v16.43 back in November 22, 2021.

Get it here Process Explorer 16.43 | System Monitors (fileeagle.com)

Wednesday, November 12, 2025

Detecting Glassworm malware hidden characters fast using file regex search with grepWin

A number of Visual Studio Code extensions have been infected with Glassworm and here's a fast way to check if your repo is infected using grepWin - Stefans Tools (stefankueng.com) a fast C open-source grep UI tool for Windows.

How GlassWorm wormed its way back into developers’ code — and what it says about open source security | InfoWorld Nov 10 Nov 2025

According to article above, this repo is infected with Glassworm

ai-driven-dev/vscode (github.com)

The article below lists Unicode characters that are deployed using Glassworm

Defending Against Glassworm: The Invisible Malware That's Rewriting Supply Chain Security | Snyk - 3 Nov 2025

The 277 explicit confusable characters used by Glassworm;

Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
Zero-width characters (U+200B, U+200C, U+200D)
Variation selectors (U+FE00-U+FE0F) — the base 16 selectors
Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm
No-break space (U+00A0)
Word joiner, soft hyphen, and other invisible characters

Here's the grepWin regex for:

Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
Zero-width characters (U+200B, U+200C, U+200D)

Variation selectors (U+FE00-U+FE0F) — the base 16 selectors

[\x202A\x202B\x202C\x202D\x202E\x2066\x2067\x2068\x2069\x200B\x200C\x200D\xFE00\xFE01\xFE02\xFE03\xFE04\xFE05\xFE06\xFE07\xFE08\xFE09\xFE0A\xFE0B\xFE0C\xFE0D\xFE0E\xFE0F]

Here's the grepWin regex for:

Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm
```
[\\xE0100-\\xE01EF]
```

GrepWin uses Perl regular expression syntax. Test at https://regex101.com/r/VNSYwc/2 choose PCRE2.

Here's the result using grepWin with regex search.

GrepWin with Content View selected.

represents found Unicode characters.

My Cool Apps

Path Too Long Auto Fixer find, report, fix syncing issues to the cloud, desktops, severs, HDs, SSDs, USBs, SANs

Clipboard Plaintext Power Tool turbo charge your clipboard with transform functions, best in the world

Solo SCRUM Sprinter App enforce task tracking every 30mins, Outlook calendar booking automation

Registry Viewer read-only registry viewer

eyeBreak 20-20-20 Rule App enforce eye break every 20mins

RegToText convert registry values to be human readable

Metadata Consulting [dot] ca - Blog

Pages